- [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MIT

Kerberos code path into a common function and expand mkstemp template to be consistent with the rest of OpenSSH. From sxw at inf.ed.ac.uk, ok djm@
author: Darren Tucker <dtucker@zip.com.au> 2005-07-07 11:50:20 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2005-07-07 11:50:20 +1000
commit: a916d143a16c59a6bc82df5e1d6b046e17d31848 (patch)
tree: e1d10bb44cf7af70845fbb927f2b8ed92e4f1468
parent: f92c0794ec9162f4e0d5291fe58e4fcb5a00f6d3 (diff)
4 files changed, 46 insertions, 52 deletions
diff --git a/ChangeLog b/ChangeLog
index 314d38f03..823c34bc2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20050707
+ - [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MIT
+   Kerberos code path into a common function and expand mkstemp template to be
+   consistent with the rest of OpenSSH.  From sxw at inf.ed.ac.uk, ok djm@
 20050706
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2005/07/01 13:19:47
@@ -2782,4 +2787,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3835 2005/07/05 23:45:26 djm Exp $
+$Id: ChangeLog,v 1.3836 2005/07/07 01:50:20 dtucker Exp $
diff --git a/auth-krb5.c b/auth-krb5.c
index 2f742534a..01b387c23 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -67,9 +67,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 #ifndef HEIMDAL
        krb5_creds creds;
        krb5_principal server;
-        char ccname[40];
-        int tmpfd;
-        mode_t old_umask;
 #endif
        krb5_error_code problem;
        krb5_ccache ccache = NULL;
@@ -146,26 +143,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
                goto out;
        }
-        snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
+        problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
-        old_umask = umask(0177);
-        tmpfd = mkstemp(ccname + strlen("FILE:"));
-        umask(old_umask);
-        if (tmpfd == -1) {
-                logit("mkstemp(): %.100s", strerror(errno));
-                problem = errno;
-                goto out;
-        }
-        if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
-                logit("fchmod(): %.100s", strerror(errno));
-                close(tmpfd);
-                problem = errno;
-                goto out;
-        }
-        close(tmpfd);
-        problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache);
        if (problem)
                goto out;
@@ -234,4 +212,34 @@ krb5_cleanup_proc(Authctxt *authctxt)
        }
 }
+#ifndef HEIMDAL
+krb5_error_code
+ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
+        int tmpfd, ret;
+        char ccname[40];
+        mode_t old_umask;
+        ret = snprintf(ccname, sizeof(ccname),
+            "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
+        if (ret == -1 || ret >= sizeof(ccname))
+                return errno;
+        old_umask = umask(0177);
+        tmpfd = mkstemp(ccname + strlen("FILE:"));
+        umask(old_umask);
+        if (tmpfd == -1) {
+                logit("mkstemp(): %.100s", strerror(errno));
+                return errno;
+        }
+        if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
+                logit("fchmod(): %.100s", strerror(errno));
+                close(tmpfd);
+                return errno;
+        }
+        close(tmpfd);
+        return (krb5_cc_resolve(ctx, ccname, ccache));
+}
+#endif /* !HEIMDAL */
 #endif /* KRB5 */
diff --git a/auth.h b/auth.h
index bf47b9a64..8b814ba6a 100644
--- a/auth.h
+++ b/auth.h
@@ -191,4 +191,9 @@ int	 sys_auth_passwd(Authctxt *, const char *);
 #define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
 #define SKEY_PROMPT "\nS/Key Password: "
+#if defined(KRB5) && !defined(HEIMDAL)
+#include <krb5.h>
+krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);
+#endif
 #endif
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index 91d87f798..c642a83fe 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -131,34 +131,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
                return;
        }
 #else
-        {
+        if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) {
-                int tmpfd;
+                logit("ssh_krb5_cc_gen(): %.100s",
-                char ccname[40];
+                    krb5_get_err_text(krb_context, problem));
-                mode_t old_umask;
+                return;
-                snprintf(ccname, sizeof(ccname),
-                    "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
-                old_umask = umask(0177);
-                tmpfd = mkstemp(ccname + strlen("FILE:"));
-                umask(old_umask);
-                if (tmpfd == -1) {
-                        logit("mkstemp(): %.100s", strerror(errno));
-                        problem = errno;
-                        return;
-                }
-                if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
-                        logit("fchmod(): %.100s", strerror(errno));
-                        close(tmpfd);
-                        problem = errno;
-                        return;
-                }
-                close(tmpfd);
-                if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) {
-                        logit("krb5_cc_resolve(): %.100s",
-                            krb5_get_err_text(krb_context, problem));
-                        return;
-                }
        }
 #endif  /* #ifdef HEIMDAL */
author	Darren Tucker <dtucker@zip.com.au>	2005-07-07 11:50:20 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2005-07-07 11:50:20 +1000
commit	a916d143a16c59a6bc82df5e1d6b046e17d31848 (patch)
tree	e1d10bb44cf7af70845fbb927f2b8ed92e4f1468
parent	f92c0794ec9162f4e0d5291fe58e4fcb5a00f6d3 (diff)